Skip to content

KVM-VMI/kvm-vmi

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 


KVM-VMI

KVM-based Virtual Machine Instrospection.

CI Slack Slack_Users

Table of Contents

Overview

This project adds virtual machine introspection to the KVM hypervisor.

Virtual Machine Introspection is a technology that aims to understand the guest's execution context, solely based on the VM's hardware state, for various purposes:

  • Debugging
  • Malware Analysis
  • Live-Memory Analysis
  • OS Hardening
  • Monitoring
  • Fuzzing

See the presentations section for more information.

This project is divided into 4 components:

  • kvm: linux kernel with vmi patches for KVM
  • qemu: patched to allow introspection
  • nitro (legacy): userland library which receives events, introspects the virtual machine state, and fills the semantic gap
  • libvmi: virtual machine instrospection library with unified API across Xen and KVM

At the moment, 2 versions of VMI patches are available for QEMU/KVM in this repository:

Installation

Follow the Setup guide

Presentations

References

The legacy VMI system contained in this repo (Nitro) is based on Jonas Pfoh's work:

Maintainers

@Wenzel

License

GNU General Public License v3.0